Suse Opensuse Tumbleweed vulnerabilities

9 known vulnerabilities affecting suse/opensuse_tumbleweed.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 4

Vulnerabilities

CVE-2025-62875 | MEDIUM | CVSS 6.9 | ≥ ?, < 7.8.0p0-1.1 | 2025-11-20
CWE-754. An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.
Sources: cvelistv5, nvd
CVE-2025-53882 | MEDIUM | CVSS 4.8 | ≥ ?, < 3.3.10-2.1 | 2025-07-23
CWE-807. A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for the openSUSE mailman3 package allows the mailman user to send SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.
Sources: cvelistv5, nvd
CVE-2025-23394 | CRITICAL | CVSS 9.8 | ≥ ?, < 3.8.4-2.1 | 2025-05-26
CWE-61. A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.
Sources: cvelistv5, nvd
CVE-2025-23386 | HIGH | CVSS 7.8 | ≥ ?, < 2.5.0-1.1 | 2025-04-10
CWE-276. An Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root. This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.
Sources: cvelistv5, nvd
CVE-2024-49504 | HIGH | CVSS 7.0 | ≥ ?, < 2.12-28.1 | 2024-11-13
CWE-276. grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
Sources: cvelistv5, nvd
CVE-2023-32190 | HIGH | CVSS 8.5 | ≥ ?, < 0.26-37.1 | 2024-10-16
CWE-125. mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.
Sources: cvelistv5, nvd
CVE-2024-22029 | HIGH | CVSS 7.8 | ≥ ?, < 9.0.85-3.1 | 2024-10-16
CWE-732. Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
Sources: cvelistv5, nvd
CVE-2024-22033 | MEDIUM | CVSS 5.1 | ≥ ?, < 0.2.1-1.1 | 2024-10-16
CWE-78. The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed commands to be executed in later steps
Sources: cvelistv5, nvd
CVE-2024-22034 | MEDIUM | CVSS 5.5 | ≥ ?, < 1.9.0-1.1 | 2024-10-16
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim
Sources: cvelistv5, nvd